Collaborate Disseminate
I was a bit grumpy after discovering that git on Windows just stored credentials to my workplace repo in the Windows credential manager where it can be read by any other application I run. Having disabled that, I wondered: What about my e-… Continue reading Outlook app credential protection measures
Remote workforces pose new challenges for organizations, with the largest issue centered around fortifying the security of at-home workers. We’ve recently witnessed large companies that were hit with major data breaches and cybersecurity incidents poin… Continue reading Stop using your employees as scapegoats: Change their behavior
97 percent of senior security executives say attackers are increasingly trying to steal one or more types of credentials, a CyberArk survey reveals. As organizations move assets to the cloud, increase third-party access to corporate resources, and enab… Continue reading The importance of a zero trust-based approach to identity security
TransUnion’s latest analysis of global online fraud trends found that since the COVID-19 pandemic began, fraudsters are increasing their rate of digital schemes against businesses. In addition, a recent study found that more than one in three global co… Continue reading The war against the virus also fueling a war against digital fraud
While it is obvious that an attack surface is the sum of all ways the system can be compromised or attack vectors (please correct me if I am wrong here or am not taking something into account), it is not that obvious if an exposed username… Continue reading Does an exposed username increase the attack surface?
Everyone with half a mind for security will tell you not to click on links in emails, but few people can explain exactly why you shouldn’t do that (they will usually offer a canned ‘hackers can steal your credentials if you do’ explanation) Cross-Site … Continue reading Tackling cross-site request forgery (CSRF) on company websites
90% of cyberattacks on cloud environments in the last 12 months involved compromised privileged credentials, according to a research from Centrify. Most cloud environments successfully compromised The study, which surveyed 150 IT decision makers across… Continue reading Cybercriminals capitalizing on our reliance on the cloud
I am currently building a Python desktop application in PyQt/PySide which will be compiled to .exe. I am planning to use the Azure SQL database and a remote file storage (like S3).
An issue arises that the application needs passwords (cred… Continue reading Python desktop application: storing cloud database passwords
A new phishing campaign is targeting U.S. taxpayers with documents that purport to contain tax-related content, but ultimately deliver NetWire and Remcos malware – two prolific remote access trojans (RATs) which allows attackers to take control o… Continue reading New phishing campaign targets taxpayer credentials
I’m currently testing an application, which connects to a MS-SQL database. Through Wireshark, I can see that the application uses TDS to connect to the database. Furthermore, I can see that both the queries and results are UTF-16 encoded a… Continue reading How is TDS authentication data protected?